From owner-freebsd-security Thu Nov 29 11: 6:54 2001 Delivered-To: freebsd-security@freebsd.org Received: from pogo.caustic.org (caustic.org [64.163.147.186]) by hub.freebsd.org (Postfix) with ESMTP id 5E8D237B416 for ; Thu, 29 Nov 2001 11:06:50 -0800 (PST) Received: from localhost (jan@localhost) by pogo.caustic.org (8.11.6/8.11.6) with ESMTP id fATJ6h470358; Thu, 29 Nov 2001 11:06:43 -0800 (PST) (envelope-from jan@caustic.org) Date: Thu, 29 Nov 2001 11:06:43 -0800 (PST) From: "f.johan.beisser" X-X-Sender: To: Brett Glass Cc: Kris Kennaway , Mauro Dias , Subject: Re: sshd exploit In-Reply-To: <4.3.2.7.2.20011129113349.04722900@localhost> Message-ID: <20011129105830.G16958-100000@localhost> X-Ignore: This statement isn't supposed to be read by you X-TO-THE-FBI-CIA-AND-NSA: HI! HOW YA DOIN? MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 29 Nov 2001, Brett Glass wrote: > What's more, we do not know whether the binary exploit that's now being > distributed across the Net is for this or some other vulnerability. > As Security Officer, have you run the exploit against 4.4-RELEASE to > see how it behaves and if 4.4-RELEASE is immune? This is important, since > without a disassembly we do not know whether the exploit attacks this > vulnerability or a different (possibly related?) one. We also do not know > if the claimed fix was fully effective against all possible exploits. i've run the binary against 4.2-RELEASE to 4.4-RELEASE. in each case the attack failed. -- jan -------/ f. johan beisser /--------------------------------------+ http://caustic.org/~jan jan@caustic.org "John Ashcroft is really just the reanimated corpse of J. Edgar Hoover." -- Tim Triche To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message